On June 20, 2024, the Northern District of Texas issued its final order in American Hospital Association, et al. v. Becerra, et al. (AHA), granting the plaintiffs’ (the American Hospital Association, two Texas health systems...more
6/28/2024
/ American Hospital Association et al v Becerra Secretary Of Health And Human Services et al ,
Business Associates ,
Consumer Privacy Rights ,
Covered Entities ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Hospitals ,
OCR ,
PHI ,
Privacy Laws ,
Regulatory Authority ,
State Privacy Laws ,
Web Tracking ,
Websites
Late on March 27, Change Healthcare (CHC)’s parent company, UnitedHealth Group (UHG), provided an update on its analysis of the extent of “impacted data” involved in the CHC incident....more
When the U.S. Department of Health and Human Services, Office for Civil Rights (HHS OCR) issued its guidance on “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates” on Dec. 1, 2022 Original...more
BakerHostetler is closely monitoring imminent cybersecurity threats to healthcare revenue cycle management personnel and vendors.
Most recently, Change Healthcare (CHC), a healthcare technology and business management...more
2/26/2024
/ Breach Notification Rule ,
Business Associates ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Technology ,
Popular ,
Technology ,
Third-Party Service Provider
As noted back in December 2022, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) has issued dramatic guidance (often called the Bulletin) that targets the use of so-called Internet “tracking...more
As we approach the conclusion of another transformative year, we are excited to present our comprehensive year-end review, shedding light on the trends shaping the healthcare market in 2023. Our team’s keen insights and...more
1/19/2024
/ Antitrust Litigation ,
Artificial Intelligence ,
Biotechnology ,
Cannabis Products ,
Centers for Medicare & Medicaid Services (CMS) ,
Complex Corporate Transactions ,
Coronavirus/COVID-19 ,
Corporate Transparency Act ,
Electronic Protected Health Information (ePHI) ,
False Claims Act (FCA) ,
Health Care Providers ,
Hospitals ,
Information Blocking Rules ,
Medical Research ,
Medicare ,
PHI ,
Private Equity ,
Recovery Audit Contractors (RACs) ,
Regulatory Oversight ,
Section 340B ,
SNF ,
US ex rel Tracy Schutte et al v SuperValu Inc et al
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued guidance regarding covered entities’ and business associates’ use of tracking technologies (the Guidance). As discussed in greater detail...more
12/14/2022
/ Business Associates ,
Cookies ,
Covered Entities ,
Data Collection ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Guidance ,
OCR ,
PHI ,
Tracking Systems
The Data Security Incident Response Report features insights and metrics from 1,270+ incidents that members of the firm’s DADM Practice Group helped clients manage in 2021.
This episode takes us deeper into the Office for...more
The United States Court of Appeals for the Fifth Circuit recently found that the United States Department of Health and Human Services (HHS) lacked a lawful basis for a $4.3 million civil money penalty order that it issued to...more
Healthcare data can be up to 10 times more valuable to cyber criminals than credit card numbers, according to a report from the Department of Health & Human Services’ (HHS) Office of the Inspector General (OIG). And, with...more
The OCR’s January 2018 newsletter details specific types of cyber extortion that healthcare organizations are currently encountering, including ransomware, denial of service attacks, distributed denial of service attacks and...more
On Jan. 3, 2018, the Substance Abuse and Mental Health Services Administration (SAMHSA) issued its final rule regarding the Confidentiality of Substance Use Disorder Patient Records Part 2. These changes become effective Feb....more
2/1/2018
/ Confidential Information ,
Cybersecurity ,
Data Privacy ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Medical Records ,
Patient Privacy Rights ,
Popular ,
SAMHSA ,
Substance Abuse
Recently, the Government Accountability Office (GAO) reviewed the U.S. Department of Health and Human Services’ (HHS) security and privacy oversight and identified significant gaps in the cybersecurity guidance provided by...more
Just four months into 2016, the healthcare industry is already facing a permanent and increasing threat to hospital operations: ransomware. Previously, BakerHostetler reported that Hollywood Presbyterian Hospital paid 40...more
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) continued its run of resolution agreements for HIPAA violations, pulling in $5.45 million from just two entities, North Memorial Health Care of...more
Every tax season is plagued with scams to defraud individuals and companies for money from tax returns. However, this year has started off with a bang and this means that the healthcare industry has another reason to worry....more
3/14/2016
/ Data Breach ,
Email ,
Hackers ,
Health Care Providers ,
Identity Theft ,
IRS ,
Phishing Scams ,
Popular ,
Spoofing ,
Tax Fraud ,
Tax Returns
On January 13, 2016, the Department of Health and Human Services’ Administrative Law Judge upheld the Office for Civil Rights’ (OCR’s) civil monetary penalty (CMP) against Lincare, Inc., d/b/a United Medical (Lincare), for...more
CMS and the Office of the National Coordinator for Health Information (ONC) recently released the 752-page final rule for Meaningful Use Stages 2 (MU2) and 3 (MU3). The final rule provides a flexible timeline for providers...more
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently announced a $750,000 fine and resolution agreement, including a Corrective Action Plan (CAP), for Cancer Care Group, P.C. (CCG), a...more
10/14/2015
/ Compliance ,
Corporate Fines ,
Corrective Actions ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Personally Identifiable Information ,
PHI ,
Privacy Concerns ,
Security Risk Assessments ,
Security Rule
In light of the recently reported large healthcare data breaches that have resulted in the potential theft of the personal information of millions of patients, the FBI warned healthcare providers yet again of the dangers of...more
The Ponemon Institute's recent publication of its fourth annual 2013 Survey on Medical Identity Theft (Survey) confirmed what many in the healthcare industry already knew: identity theft is a serious and often overlooked...more
A California hospital that disclosed a patient’s medical record in response to a California Watch investigative report on the alleged inappropriate billing practices of the hospital’s parent organization was recently cited by...more